Hey friends! Can someone help clear up some confusion for me about the installation docs? As part of the process of installing a Rancher cluster using RKE2, it says that you need to setup “two” listeners on port 9345 and port 6443. However, the link shown for setting up the LB in a previous step doesn’t mention anything other than port 80 and 443. Am I to understand that I should add 9345 and 6443 as listeners onto the LB? I’m a little nervous about the security implications.

The ingress needs 80 and 443 for anything you want to publish out of the cluster. The control-plane wants 9345 and 6443, but those are only used when bootstrapping new nodes into the cluster.

If you've got control of your DNS I found it easier to just create a hostname with multiple A records for each control plane node and add them as they were ready and not messing with a load balancer.

yeah, that is usually my recommendation as well

Oh interesting - so just create DNS records pointing directly at the nodes in order of node priority or something? Or did you create a separate subdomain for each node?

You'd put the new DNS hostname in the kubeconfig file.

Okay, so just one hostname/subdomain. Thanks for your help!

Great tip! I don't know why I didn't think of that. So easy for my dev nodes.

it will round robin.

i am curious how this works. if we point it to a specific node, then the traffic will all go to the api server on that node?

The control-plane load balancer is only used by agents when joining the cluster, after that they use an internal load-balancer to communicate with the servers.